From 1927fda5142c134b39bb8c6837985747e5b88bdb Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Mon, 3 Dec 2018 22:33:21 +0000 Subject: [PATCH] Allow operator to access liquid-cli --- generate_secrets.sh | 1 + modules/liquid.nix | 1 + modules/nixbitcoin.nix | 2 ++ network-vbox.nix | 12 ++++++++++-- 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/generate_secrets.sh b/generate_secrets.sh index 5cf6eec..314abbb 100755 --- a/generate_secrets.sh +++ b/generate_secrets.sh @@ -14,6 +14,7 @@ echo Write secrets to $SECRETSFILE echo \{ echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" + echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo \} } >> $SECRETSFILE echo Done diff --git a/modules/liquid.nix b/modules/liquid.nix index a210da6..151c37e 100644 --- a/modules/liquid.nix +++ b/modules/liquid.nix @@ -185,6 +185,7 @@ in { cp '${configFile}' '${cfg.dataDir}/liquid.conf' chmod o-rw '${cfg.dataDir}/liquid.conf' chown '${cfg.user}:${cfg.group}' '${cfg.dataDir}/liquid.conf' + echo "rpcpassword=$(cat /secrets/liquid-rpcpassword)" >> '${cfg.dataDir}/liquid.conf' ''; serviceConfig = { Type = "simple"; diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix index 4e90d02..3f12bac 100644 --- a/modules/nixbitcoin.nix +++ b/modules/nixbitcoin.nix @@ -118,6 +118,8 @@ in { }; services.liquidd.enable = cfg.modules == "all"; + services.liquidd.rpcuser = "liquidrpc"; + services.lightning-charge.enable = cfg.modules == "all"; services.nanopos.enable = cfg.modules == "all"; services.nixbitcoin-webindex.enable = cfg.modules == "all"; diff --git a/network-vbox.nix b/network-vbox.nix index 43aca5b..adb4171 100644 --- a/network-vbox.nix +++ b/network-vbox.nix 
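Review bot: A secrets file generated before this commit will not contain `liquidrpcpassword`, and the added line in generate_secrets.sh only helps if the whole file is regenerated. Whether the script refuses to touch an existing `$SECRETSFILE` is not visible in this hunk. If it does, deployments with liquidd enabled would presumably fail when network-vbox.nix evaluates `secrets.liquidrpcpassword`. A short upgrade note in the commit message or README would cover this, for example "add `liquidrpcpassword = "<new random value>";` to an existing secrets file by hand".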
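Review bot: If `/secrets/liquid-rpcpassword` is missing or unreadable when this script runs, the added `echo "rpcpassword=$(cat …)"` line in modules/liquid.nix still exits 0 and leaves an empty `rpcpassword=` in `liquid.conf`. A failing command substitution inside an argument does not fail the `echo`, even under errexit. Read the secret into a variable first so the failure propagates and an empty value is rejected: `rpcpassword=$(cat /secrets/liquid-rpcpassword)`, then `[ -n "$rpcpassword" ] || exit 1`, then `echo "rpcpassword=$rpcpassword" >> '${cfg.dataDir}/liquid.conf'`. Appending after the `chmod`/`chown` lines is the right order, because the file is already restricted when the secret lands in it. The hard-coded `/secrets/` path ties the module to the key's `destDir` in network-vbox.nix, and the enclosing script string starts outside the hunk, so its shell options cannot be confirmed from here.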
@@ -22,6 +22,13 @@ let group = "nanopos"; permissions = "0440"; }; + liquid-rpcpassword = { + text = secrets.liquidrpcpassword; + destDir = "/secrets/"; + user = "liquid"; + group = "liquid"; + permissions = "0440"; + }; in { bitcoin-node = @@ -32,9 +39,10 @@ in deployment.virtualbox.vcpu = 2; # number of cpus deployment.virtualbox.headless = true; - deployment.keys = { inherit bitcoin-rpcpassword lightning-charge-api-token; - } // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }); + } + // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }) + // (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { }); }; }
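Review bot: The `liquid-rpcpassword` key is declared `0440` with `group = "liquid"`, so every account in that group can read the RPC password. The hunk does not show how the operator named in the commit title gets access. If the operator is added to the `liquid` group elsewhere, a comment such as `# group-readable so members of "liquid" (operator) can run liquid-cli` would document the intent; otherwise `0400` is the tighter setting. `user` and `group` are also hard-coded here while modules/liquid.nix uses `cfg.user`/`cfg.group`, so a non-default service account could leave the key unreadable to the service.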